Jump to content

C/side

Add links
From Simple English Wikipedia, the free encyclopedia

c/side is an American computer software company based in San Francisco, California. It is a business-focused organization that works in security and claims to have identified several large-scale browser-side supply chain attacks.[1]

History

[change | change source]

c/side was founded in 2024 by Simon Wijckmans [2] and launched publicly in May 2024.

Funding

[change | change source]

In May 2024, c/side announced it had raised $1.7 million in pre-seed funding.[3] In September 2024, the company raised a $6 million seed round led by cybersecurity and AI-focused investors.[4]

Research

[change | change source]

c/side has discovered and publicly disclosed details about large-scale security vulnerabilities, including large-scale browser-side supply chain attacks, including:

  • Polyfill Supply Chain Attack (June 2024): In February 2024, a Chinese company acquired the domain and GitHub account for Polyfill.io, a popular open-source library used by over 100,000 websites. Subsequently, the domain was used to inject malicious code into websites embedding scripts from cdn.polyfill.io, redirecting users to malicious sites. [5] [6][7] [8]
  • WordPress plug-in vulnerabilities (January 2025): In a coordinated campaign, attackers exploited vulnerabilities in outdated versions of WordPress and associated plugins to compromise thousands of websites, redirecting visitors to malicious domains or prompting them to download malware. [9] [10] [11]
  • WP3[.]XYZ Malware Attack (January 2025): A widespread malware campaign targeted over 5,000 WordPress websites, injecting malicious scripts from the domain wp3[.]xyz/td.js. The exact method of injection remains under investigation. [12][13] [14]
  • Malicious full-page hijack injection (March 2025): In February 2025,[15] a threat actor was observed targeting over 35,000 websites with a malicious full-page hijack injection; by March 2025, the campaign had expanded to impact an estimated 150,000 websites, using newly identified tactics and techniques. [16] [17] [18] [19]
  • North Korean schemes to get Western jobs (May 2025): In May 2025,[20] Wired Magazine worked with c/side's CEO Simon Wijckmans to uncover the continued efforts of the North Korean government to place employees in Western companies.

References

[change | change source]
  1. "c/side Highlights the Growing Risks Around Client-side Web Application Security". TechTarget. 2025-03-31.
  2. "30 Under 30 - Europe - Technology (2025)". Forbes. 2025-04-19.
  3. "c/side Emerges from Stealth with $1.7 Million in Funding". GlobeNewswire. 2024-05-16.
  4. "c/side Raises $6M in Seed Funding". SecurityWeek. 2024-09-17.
  5. "More than 490k websites targeted in web supply chain attack". c/side blog. 2024-06-24.
  6. "Formerly legitimate Polyfill.io domain abused to serve malicious code". CSO Online. 2024-06-24.
  7. "If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately". The Register. 2024-06-24.
  8. "Polyfill Supply Chain Attack Hits Over 100k Websites". Security Week. 2024-06-24.
  9. "10,000 WordPress Websites Found Delivering MacOS and Windows Malware". c/side blog. 2025-01-27.
  10. "Hackers are hijacking WordPress sites to push Windows and Mac malware". TechCrunch. 2025-01-29.
  11. "Hackers Use 10,000 WordPress Sites To Deliver Malware To macOS and Microsoft Systems". Cyber Security News. 2025-01-30.
  12. "Over 5,000 WordPress sites caught in WP3[.]XYZ malware attack". c/side blog. 2025-01-13.
  13. "WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites". Bleeping Computer. 2025-01-14.
  14. "Thousands of WordPress Websites Hit in New Malware Attack, Here's What We Know". TechRadar. 2025-01-15.
  15. "Over 35,000 Websites Targeted in Full-Page Hijack Linking to a Chinese-Language Gambling Scam". c/side blog. 2025-02-20.
  16. "Over 150K websites hit by full-page hijack linking to Chinese gambling sites". c/side blog. 2025-03-26.
  17. "Thousands of websites have now been hijacked by this devious, and growing, malicious scheme". MSN.com. 2025-03-28.
  18. "Threat Actors Hacked 150,000 Sites to Link Chinese Gambling Sites". Cyber Security News. 2025-03-28.
  19. "150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms". The HackerNews. 2025-03-27.
  20. "North Korea Stole Your Job". Wired. 2025-05-01.
Retrieved from "https://simple.wikipedia.org/w/index.php?title=C/side&oldid=10272230"